The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
The Internal Revenue Service (IRS) has issued a press release addressing a new spear phishing scam targeting tax preparers and other tax professionals. Scam operators often use fraudulent e-mails to entice their targets to reveal login credentials.
The Internet Systems Consortium (ISC) has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition.
Updates available include:
- BIND 9.9.6-P2
- BIND 9.10.1-P2
Users and administrators are encouraged to review ISC Knowledge Base Article AA-01235 and apply the necessary updates.
Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for February 2015. Some of these vulnerabilities could allow remote code execution, security feature bypass, elevation of privilege, or disclosure of information.
US-CERT encourages users and administrators to review Microsoft Security Bulletin Summary MS15-FEB and apply the necessary updates.